<?php
    require_once("DB.php");

    class AdminLogin
    {

        function EnsureLogin()
        {
            global $DB;

            $loginid = $_COOKIE['loginid'];

            if (!empty($loginid) && preg_match('/^[a-z0-9]{1,}$/i', $loginid))
            {
                $DB->q_query->close();
                $DB->q_query->SQL = "SELECT * FROM person WHERE vchLoginID = '" . mysql_real_escape_string($loginid) . "'";
                $DB->q_query->open();

                if ($DB->q_query->RecordCount == 1)
                    return;
            }

            header('Location: AdminDoLogin.php');
        }

        function TryLogin( $username, $password )
        {
            global $DB;

            if (!empty($username) && !empty($password)) // && preg_match('/^[a-z0-9]{1,}$/i', $username) && preg_match('/^[a-z0-9]{1,}$/i', $password)
            {
                $DB->q_query->close();
                $DB->q_query->SQL = "SELECT * FROM person " .
                                         "WHERE vchEmail = '" . mysql_real_escape_string($username) . "' AND " .
                                         "vchPassword = '" . mysql_real_escape_string($password) . "'";
                $DB->q_query->open();

                if ($DB->q_query->RecordCount == 1)
                {
                    $loginid = md5(uniqid(rand(), true) . time());

                    $DB->q_query->Close();
                    $DB->q_query->LimitStart = -1;
                    $DB->q_query->LimitCount = -1;
                    $DB->q_query->SQL = "UPDATE person SET vchLoginID = '" . mysql_real_escape_string($loginid) . "' " .
                                             "WHERE vchEmail = '" . mysql_real_escape_string($username) . "' AND " .
                                             "vchPassword = '" . mysql_real_escape_string($password) . "'";

                    $DB->q_query->open();

                    setcookie('loginid', $loginid);

                    // Get person ID based on assigned loginID
                    // TODO: This should be changed so that person ID remains hidden...just use login ID

                    $DB->q_query->Close();
                    $DB->q_query->LimitStart = -1;
                    $DB->q_query->LimitCount = -1;
                    $DB->q_query->SQL = "SELECT iPersonID FROM person WHERE vchLoginID = '" . mysql_real_escape_string( $loginid ) . "'";

                    $DB->q_query->open();

                    $pid = $DB->q_query->iPersonID;

                    return $pid;
                }
            }

            return 0;
        }

        function TryRegister($username, $password)
        {

            global $DB;

            try
            {
                // Create a new org for the new user
                   $DB->q_query->close();
                   $DB->q_query->LimitStart = '-1';
                   $DB->q_query->LimitCount = '-1';
                   $query ="INSERT INTO org (bIsTenant) values (0)";
                   $DB->q_query->SQL = $query;
                   $DB->q_query->open();
                   $oid = mysql_insert_id();
                  SetSessionVar("oid", $oid);

                   // Create the new user
                   $DB->q_query->close();
                   $DB->q_query->LimitStart = '-1';
                   $DB->q_query->LimitCount = '-1';
                   $query = "INSERT INTO person (org_iOrgID, vchEmail, vchPassword) values (" . mysql_real_escape_string($oid) . ", '" . mysql_real_escape_string($username) . "', '" . mysql_real_escape_string($password) . "')";
                   $DB->q_query->SQL = $query;
                   $DB->q_query->open();

                }
                catch (Exception $e)
                {
                   $ex = $e;
                   return false;
                }

            return true;
        }
    }

    global $AdminLogin;

    $AdminLogin = new AdminLogin();

    function GetAdminLogin()
    {
        global $AdminLogin;

        return $AdminLogin;
    }
?>
